EP4256832A1 - Methods and apparatuses for zero trust cell broadcasts - Google Patents

Methods and apparatuses for zero trust cell broadcasts

Info

Publication number
EP4256832A1
Authority
EP
European Patent Office
Prior art keywords
cell
cell configuration
data
configuration
security level
Legal status
Pending
Application number
EP21820710.8A
Other languages
German (de)
English (en)
Inventor
Fabian WIACEK
Kamil BECHTA
Current Assignee
Nokia Technologies Oy
Original Assignee
Nokia Technologies Oy
Application filed by Nokia Technologies Oy

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50 Service provisioning or reconfiguring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H04W60/04 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration using triggered events
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/20 Manipulation of established connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/20 Manipulation of established connections
    • H04W76/27 Transitions between radio resource control [RRC] states
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption

Definitions

  • Examples of mobile or wireless telecommunication systems may include the Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access Network (UTRAN), Long
  • FIG. 4 illustrates an example of a system, according to an embodiment
  • FIG. 5 illustrates an example of a signaling diagram, according to an embodiment
  • FIG. 11A illustrates an example block diagram of an apparatus, according to an embodiment
  • cell configuration parameters it may be specified that some parameters may be considered as static, such as system bandwidth, or as dynamic, such as system frame number.
  • a cell search procedure may include the following steps: (a) frequency acquisition, (b) primary synchronization signal (PSS) acquisition (slot timing, secondary synchronization signal scrambling code, cell number), (c) secondary synchronization signal (SSS) acquisition (frame timing, cell group ID sequence), (d) with PSS and SSS, physical cell ID (PCI) may be calculated, (e) with PCI, reference signal (RS) location may be detected, (f) with the help of the reference signal, physical broadcast channel (PBCH) used to broadcast master information block (MIB) can be detected, (g) from MIB, system frame number (SFN) and system bandwidth may be detected, (h) decode physical control format indication channel (PCFICH) and detect how many symbols are allocated for physical downlink control channel (PDCCH), (i) decode downlink control information (DCI) for system information block 1 (SIB1) from PDCCH, (j) decode SIB1 and get the scheduling information for other SIBs, and (k) de
  • 5G and LTE cells may broadcast or transmit all of the cell parameters required for establishing a RRC connection. This, however, also means that any potential unauthorized or even hostile user may use its UE to disturb connections or to intercept connections between authorized users and their UE. For instance, for high safety and security oriented 5G or LTE applications, a problem arises in that the cell openly shares essential information which could be used against this infrastructure.
  • example embodiments can improve safety and security aspects of 5G and LTE communications by not revealing cell configuration or other cell sensitive data via broadcasts or transmissions.
  • Cell configuration or other cell sensitive data may be delivered to an authorized UE in a safe and secure way, for example, by direct provision to the authorized UE internal memory as a coded cell configuration package (CCCP) compliant with tracking area update (TAU) during UE configuration by the authorized service for given operational conditions, as illustrated in Fig. 3 discussed below.
  • CCCP coded cell configuration package
  • TAU tracking area update
  • Association with TAU means that the authorized UE may receive CCCP data for all neighbour cells.
  • certain example embodiments may enable secure delivery of CCCP TAU data to an authorized UE’s internal memory, which may contain the cell configuration data required for establishing RRC connection.
  • a base station does not need to transmit the cell configuration parameters in a plain way by MIB/SIBs broadcasts or PSS/SSS synchronization transmissions, thereby improving the base station resistance to potential hostile jamming, fake base station or unauthorized access, for example, in 5G/LTE applications where safety and security aspects may have priority.
  • broadcasts or synchronization transmissions from a base station applying example embodiments for maintaining and distributing cell configuration parameters may be denoted as zero trust cell broadcasts.
  • SIB 3 Carries NR Intrafrequency Neighbor cell list and Reselection Criteria
  • SIB 4 Carries NR Interfrequency Neighbor cell list and Reselection Criteria
  • security level 3 may correspond to Layer 3 (RACH Configuration) and may be applied, for instance, in general 5G/LTE private networks to prevent unauthorized access.
  • RACH Configuration Layer 3
  • a regular UE may not be able to decode RACH Configuration from SIB2 so it may not initiate connection by sending PRACH to this cell; but other services available in RRC Idle state may be granted.
  • CCCP TAU may contain Layer 3 content. This solution should have no impact on other cells in the vicinity, since RACH configuration may be cell specific.
  • a fake base station e.g., UE3 in Fig. 1
  • UE3 may intercept broadcast and synchronous transmissions from the given base station, e.g., gNB1 in Fig. 1, and take advantage of higher transmission power for intercepting UEs, for example during handover, as illustrated for UE2.
  • UE2 may have been provided with misleading data and may select the hostile UE3 as the target cell, which may be considered as a security breach.
  • the fake base station may act, for example, as a relay and may have impact on exchanged data between the authorized UE and the given base station.
  • the fake base station may not be able to apply the correct cell configuration. If this fake base station uses freely transmitted data, an authorized UE may apply correct cell configuration, which in turn may not be correctly interpreted by the fake base station.
  • the standard cell search procedure may be modified in order to continue cell search procedure in case of missing or misleading content in PSS/SSS, MIB/SIBs and SIB2 RACH configuration to enable connection for the authorized UE.
  • a regular or hostile UE which may not be aware of the inserted modification and which may not have CCCP TAU data, or its updated version, i.e., as shown in the examples of Fig. 6 and Fig. 8
  • the cell search procedure should be aborted.
  • the authorized UE e.g., as shown in the example of Fig.
  • cell search procedure should be supported by the valid CCCP TAU data scope, which may contain data related to applied security level (i.e., Security Levels 3, 2, or 1).
  • each cell configuration parameter received in cell broadcast and synchronization transmissions may be assessed with respect to CCCP TAU content.
  • the scope of MIB/SIBs may be modified.
  • the base station may broadcast different system BW data and SFN with offset (HFN may be also shifted).
  • HFN SFN with offset
  • the unauthorized UE may not be able to correctly decode the scope of transmissions and the hostile UE may need to apply a trial and error approach to determine the correct configuration.
  • the authorized UE may be aware that received system BW value (5 MHz) should be rejected and CCCP originated value (20 MHz) should be used, and that the received SFN value (300) and offset +200 should be added.
  • Table 1 Security Levels at the authorized base station
  • PCI = 3 × CGN + CN [Eq. 1], where PCI is Physical Cell Identifier, CGN is Cell Group Number, and CN is Cell Number.
  • CCCP TAU content may be permanently removed when unauthorized access to UE is detected, for example in case of multiple false credential entries or when a UE case is opened.
  • CCCP TAU content in such a situation may be replaced by clearly defined fake configuration, which may reveal for operators whether the given UE was lost and used against the communication infrastructure. As an example, this may include specific RACH configuration, which may be rejected but it may provide insight that the given UE may be considered as a defector or was lost.
  • the user should report this security breach, or such security breach may be assumed if user status is not known. It may be assumed that user and UE may be blocked at UE Attach or another level, when UE credential may be verified. Additionally, the network operator may initiate CCCP TAU update, when new cell configuration may be provided and may be effective from the given point of time. Thus, even in such a situation, certain embodiments can ensure an adequate level of security.
  • DTSL Detection Time for specified Security Level
  • the hostile UE may not be sure whether received cell configuration parameters are correct or not, as they may have purposefully misleading character, which may be used in order to further complicate any potential hostile actions, as illustrated in the example of Fig. 1 for UE3.
  • the CCCP TAU data may be associated with a first security level (Security Level 1) corresponding to layer 1 PSS or SSS, may be associated with a second security level (Security Level 2) corresponding to layer 2 MIB or SIB, or may be associated with a third security level (Security Level 3) corresponding to random access channel configuration.
  • FIG. 10B illustrates an example flow diagram of a method relating to securely receiving or obtaining cell configuration parameters, according to an example embodiment.
  • the method of Fig. 10B may be performed by a network node or element, such as a UE, mobile station, mobile device, mobile unit, mobile equipment, user device, subscriber station, wireless terminal, tablet, smart phone, stationary device, IoT device, NB-IoT device, sensor, and/or other device.
  • the method of Fig. 10B may be performed by an authorized UE
  • the method of Fig. 10B may include, at 1122, receiving, from the network node, cellular configuration signals, such as MIB/SIB and/or PSS/SSS that may include false cell static parameters or missing cell static parameters.
  • the method may include, at 1124, attempting to decode detected cell signals using parameters received in the MIB/SIB and/or PSS/SSS.
  • the MIB/SIB and/or PSS/SSS may include false or missing cell parameters, the UE may not be able to properly decode the cell signals.
  • the method may include, at 1126, searching the CCCP TAU data stored in the memory for the cell configuration data or other cell sensitive data and, at 1128, decoding the detected cells using the cell configuration data or other cell sensitive data stored in the memory.
  • the decoding 1128 may include using the stored CCCP TAU data to modify or supplement the received MIB/SIB and/or PSS/SSS content, which may include false or missing parameters, in order to decode the detected cell signals.
  • apparatus 10 may further include or be coupled to (internal or external) a drive or port that is configured to accept and read an external computer readable storage medium, such as an optical disc, USB drive, flash drive, or any other storage medium.
  • the external computer readable storage medium may store a computer program or software for execution by processor 12 and/or apparatus 10.
  • circuitry may also cover an implementation of merely a hardware circuit or processor (or multiple processors), or portion of a hardware circuit or processor, and its accompanying software and/or firmware.
  • the term circuitry may also cover, for example, a baseband integrated circuit in a server, cellular network node or device, or other computing or network device.
  • certain example embodiments provide several technological improvements, enhancements, and/or advantages over existing technological processes and constitute an improvement at least to the technological field of wireless network control and management.
  • certain example embodiments provide systems and methods that prevent and/or avoid the detection of cell configuration parameters by possible hostile actors that could use the parameters against 5G/LTE infrastructure or other communications infrastructure.
  • some embodiments which may be denoted as zero trust cell broadcast(s)
  • an embodiment may provide for directly downloading this data to the internal memory of authorized UE(s) as CCCP TAU data or by delivering this data when a UE is in
  • the provided data may be encrypted and/or coded.
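
The reconciliation described in the entries above (stored CCCP TAU data replacing or correcting false or missing broadcast parameters before decoding) is shown here as an added example; it is not code from the patent. The record layout, the field names and the modulo-1024 wrap of the corrected SFN are assumptions, and the CGN/CN sample values are constructed.

```python
from dataclasses import dataclass
from typing import Optional

SFN_MODULUS = 1024  # SFN is a 10-bit counter in LTE/NR; wrapping the offset is an assumption


class CellSearchAborted(Exception):
    """Raised when a required parameter is missing and no stored value covers it."""


@dataclass(frozen=True)
class Broadcast:
    """Parameters as decoded over the air; None models a missing parameter."""
    cgn: Optional[int] = None            # cell group number (from SSS)
    cn: Optional[int] = None             # cell number (from PSS)
    bandwidth_mhz: Optional[int] = None  # system BW (from MIB)
    sfn: Optional[int] = None            # system frame number (from MIB)


@dataclass(frozen=True)
class CccpEntry:
    """Hypothetical per-cell CCCP TAU record held in UE memory."""
    cgn: Optional[int] = None
    cn: Optional[int] = None
    bandwidth_mhz: Optional[int] = None
    sfn_offset: int = 0


@dataclass(frozen=True)
class CellConfig:
    pci: int
    bandwidth_mhz: int
    sfn: int


def resolve(rx: Broadcast, stored: Optional[CccpEntry]) -> CellConfig:
    """Assess each received parameter against the stored record, then build the config."""
    s = stored or CccpEntry()

    def pick(name: str) -> int:
        # A stored value replaces the broadcast one; otherwise fall back to the broadcast.
        stored_val, rx_val = getattr(s, name), getattr(rx, name)
        value = stored_val if stored_val is not None else rx_val
        if value is None:
            raise CellSearchAborted(f"{name} missing from broadcast and from CCCP TAU data")
        return value

    if rx.sfn is None:
        raise CellSearchAborted("sfn missing from broadcast")
    return CellConfig(
        pci=3 * pick("cgn") + pick("cn"),           # Eq. 1 on the page
        bandwidth_mhz=pick("bandwidth_mhz"),
        sfn=(rx.sfn + s.sfn_offset) % SFN_MODULUS,  # broadcast SFN corrected by stored offset
    )


# Constructed sample: BW and SFN values follow the page's example, CGN/CN are made up.
OVER_THE_AIR = Broadcast(cgn=None, cn=2, bandwidth_mhz=5, sfn=300)
STORED = CccpEntry(cgn=100, bandwidth_mhz=20, sfn_offset=200)

if __name__ == "__main__":
    print(resolve(OVER_THE_AIR, STORED))   # authorized UE
    try:
        resolve(OVER_THE_AIR, None)        # UE without CCCP TAU data
    except CellSearchAborted as exc:
        print("aborted:", exc)
```

A UE holding the stored record ends up with the 20 MHz bandwidth and SFN 500 from the page's example, while a UE without it either aborts on the missing parameter or, when the broadcast is complete but false, carries the misleading values forward.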

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Systems, methods, apparatuses, and computer program products for providing cell configuration parameters in a secure manner are provided. One method may include providing, from a network node, cell configuration or other cell sensitive data to the internal memory of an authorized user equipment. For example, the providing may include providing the cell configuration or other cell sensitive data to the memory of the authorized user equipment as coded cell configuration package (CCCP) tracking area update (TAU) data during configuration of the authorized user equipment or while the authorized user equipment is in a radio resource control (RRC) connected state with the network node.
EP21820710.8A 2020-12-04 2021-12-01 Methods and apparatuses for zero trust cell broadcasts Pending EP4256832A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202063121433P 2020-12-04 2020-12-04
PCT/IB2021/061189 WO2022118219A1 (fr) 2020-12-04 2021-12-01 Methods and apparatuses for zero trust cell broadcasts

Publications (1)

Publication Number Publication Date
EP4256832A1 true EP4256832A1 (fr) 2023-10-11

Family

ID=78825090

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21820710.8A Pending EP4256832A1 (fr) 2020-12-04 2021-12-01 Methods and apparatuses for zero trust cell broadcasts

Country Status (3)

Country Link
US (1) US20240015684A1 (fr)
EP (1) EP4256832A1 (fr)
WO (1) WO2022118219A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11709958B2 (en) * 2021-04-26 2023-07-25 Google Llc Systems and methods for controlling data access in client-side encryption
US20240064517A1 (en) * 2022-08-16 2024-02-22 Qualcomm Incorporated Intentionally fake configuration transmission

Also Published As

Publication number Publication date
US20240015684A1 (en) 2024-01-11
WO2022118219A1 (fr) 2022-06-09

Similar Documents

Publication Publication Date Title
US11070981B2 (en) Information protection to detect fake base stations
US10841959B2 (en) Conveying RACH information through PBCH
US10555220B2 (en) Techniques for reserving a channel of a radio frequency spectrum
US10638411B2 (en) Rogue base station router detection with machine learning algorithms
Jover et al. Enhancing the security of LTE networks against jamming attacks
Labib et al. Enhancing the robustness of LTE systems: analysis and evolution of the cell selection process
US11463875B2 (en) Detection of system information modification using access stratum security mode command
US20240015684A1 (en) Methods and apparatuses for zero trust cell broadcasts
Labib et al. Analyzing and enhancing the resilience of LTE/LTE-A systems to RF spoofing
KR102691103B1 (ko) Frequency determination for device-to-device transmission and reception
US20210111902A1 (en) System information protection at a network function in the core network
Labib et al. How to enhance the immunity of LTE systems against RF spoofing
EP3466182B1 (fr) RACH combining across multiple attempts
EP4059251A1 (fr) Detection of fake base stations based on signal times of arrival
EP3566531B1 (fr) Indication of random access channel Msg3 resource duration via random access channel Msg2
CN115136510A (zh) Message 2 repetition with transmit beam sweep and associated beam refinement for message 3 and message 4
Ludant et al. Unprotected 4G/5G Control Procedures at Low Layers Considered Dangerous
WO2020037665A1 (fr) Techniques for use in identifying a base station as an untrusted resource
AT&T 1645140466114231_article.pdf
WO2022061809A1 (fr) Security management of multiple subscriber identification modules
KR20240133970A (ko) Cell access for hiding network presence and operation

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230704

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)